VMware vSphere

Our machine SSL and STS signing certificates are expiring soon. For the machine SSL, I was able to generate the CSR and upload the signed certificate using the GUI with no issues but that is not the case with the STS signing. I'm not sure why our STS certs use custom certs when it's usually self-signed. I'm guessing this is a DOD/STIG requirement but how do I generate a CSR and how do I import it afterwards? 

The GUI doesn't have an option to generate a CSR. I tried importing the certs for the machine SSL but that did not work. If I replace our current certs with VMCA  (self signed) STS certificates, will it cause a negative effect on our systems? We currently use PKI/token based log-in on our Vsphere and wanted to make sure we'll still have access to it.

 Appreciate all the help!

Hello,

Your all questions are answered in below VMware KB article. Go through it & follow the required steps

STS Short Summary -

"STS Signing Certificates are about to expire" alert received in vSphere UI

"Signing certificate is not valid" or "No healthy upstream" error in vCenter Server Appliance

vCert - Scripted vCenter expired certificate replacement

Managing the vCenter Server Security Token Service